Security | Intel vs Amd

Hello. While reading the Qubes site and forum, I noticed that most people use Intel computers inside, and the Qubes site says that Intel support in Qubes is better than support for the rest of the hardware.
So, I would be glad to hear your point of view on this matter, and possibly hear the reason for your preference.
As for Intel, a fairly large number of vulnerabilities are found in it, one Meltdown and Specter is worth it.
According to my observations, this is less common in Amd, in addition, many experts note that the Amd infrastructure is better than Intel. Plus Zen 3, from Amd, is incredible security.

One can in principle disable and neutralize the Intel ME (which looks like a backdoor), whereas there is no such possibility for AMD PSP, which is similar.

See also: What would ideal hardware for Qubes look like?.

1 Like

I read intel Me and intel AMT .

Intel AMT is inside Intel Me, and Intel AMT is the one that can do remote access to Intel Laptop.

AMT runs on the ME, but is only available on processors with vPro. AMT gives device owners remote administration of their computer, such as powering it on or off, and reinstalling the operating system.

do you think that the assumed backdoor is actually Intel AMT, and not entire Intel ME ?
can we assume that by using processors without vPro,
then actually we are already able to mitigate from this threat ?

how about unplugging the wifi card from our Laptop ?
can it prevent the adversary from accessing the NSA-tier ?
or maybe Intel ME is able to establish internet connection by itself without wifi card ?

AMT is definitely worse from this point of view, but ME still has infinite privileges in the system, including reading/writing RAM and AFAIK managing the network (links in Wikipedia have more details). You decrease the attack surface by avoiding the AMT, but it’s still not ideal.

The best solution is probably using a different architecture without suspicious proprietary blobs: Port Qubes to ppc64 [3 bitcoin bounty] · Issue #4318 · QubesOS/qubes-issues · GitHub.

1 Like

You decrease the attack surface by avoiding the AMT, but it’s still not ideal.

yes, correct

that different architecture is product from raptor computing system.
the price quite high, the motherboard only even more expensive than laptop.

I’m tired of intel, so I chose the amd side.
Amd’s non-AMD PSP processors are fairly newer than non-ME Intel processors.
I recommend you me_cleaner, it removes everything possibly related to ME, and cleans everything that it cannot remove so that it does not start.
I prefer AMD until the PowerPC is completely comfortable to use on a daily basis.

are there AMD, with non-AMD PSP processors ?

do we need me_cleaner after using AMD ?

can we ensure that, AMD with non-AMD PSP processors, contain no backdoor ?

Related to my issue , i have just checked BIOS and the Intel sticker, actually I don’t find any vPro, usually the Intel vPro will be written at the Intel sticker logo on Laptop. So the assumed backdoor exists without vPro.

I only know lenovo g505s, it is the only one that supports Coreboot for AMD processors. (I also know that there is a porting of Heads for the g505s)
You don’t need Me_Cleaner.
No one can guarantee you the absence of backdoors, they are both in Intel and AMD, I chose AMD because its processors without PSP are more powerful than processors without ME.
I think you should check the vPro for your processor on the Intel website.

1 Like